-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JSON-RPC API: User's Password #282
Comments
I observed that behaviour just yesterday on my setup too. Maybe just prevent the username/password from getting exposed and string replaced in the raw string would be enough? |
It's "normal behaviour" and should definitely be changed |
fixed a490402 |
Excuse me @badaix, do you create a new .deb package every time you fix a bug, or should I compile from source?. Thanks in advance! |
Not for every bug. But the v0.12.0 will be released soon (I hope during the next weekend). |
Hello everyone,
I've started playing with the JSO-RPC Api, and noticed that every time the server sends an update (next song event, play, pause, etc), it includes my user and password in the body. Something like this:
It just seems that anyone on my network could telnet to that port and see my user/pass. Is this the normal behaviour, something misconfigured, or a security bug?
Thanks in advance!
The text was updated successfully, but these errors were encountered: